1#!/usr/bin/env python3.4 2# 3# Copyright 2020 - The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17from acts import asserts 18from acts.test_decorators import test_tracker_info 19import acts_contrib.test_utils.wifi.wifi_test_utils as wutils 20from acts_contrib.test_utils.wifi.WifiBaseTest import WifiBaseTest 21 22WifiEnums = wutils.WifiEnums 23 24EAP = WifiEnums.Eap 25Ent = WifiEnums.Enterprise 26WPA3_SECURITY = "SUITE_B_192" 27 28 29class WifiWpa3EnterpriseTest(WifiBaseTest): 30 """Tests for WPA3 Enterprise.""" 31 32 def setup_class(self): 33 super().setup_class() 34 35 self.dut = self.android_devices[0] 36 wutils.wifi_test_device_init(self.dut) 37 req_params = [ 38 "ec2_ca_cert", "ec2_client_cert", "ec2_client_key", "rsa3072_ca_cert", 39 "rsa3072_client_cert", "rsa3072_client_key", "wpa3_ec2_network", 40 "wpa3_rsa3072_network", "rsa2048_client_cert", "rsa2048_client_key", 41 "rsa3072_client_cert_expired", "rsa3072_client_cert_corrupted", 42 "rsa3072_client_cert_unsigned", "rsa3072_client_key_unsigned", 43 ] 44 self.unpack_userparams(req_param_names=req_params,) 45 46 def setup_test(self): 47 super().setup_test() 48 for ad in self.android_devices: 49 ad.droid.wakeLockAcquireBright() 50 ad.droid.wakeUpNow() 51 wutils.wifi_toggle_state(self.dut, True) 52 53 def teardown_test(self): 54 super().teardown_test() 55 for ad in self.android_devices: 56 ad.droid.wakeLockRelease() 57 ad.droid.goToSleepNow() 58 wutils.reset_wifi(self.dut) 59 60 ### Tests ### 61 62 @test_tracker_info(uuid="404c6165-6e23-4ec1-bc2c-9dfdd5c7dc87") 63 def test_connect_to_wpa3_enterprise_ec2(self): 64 asserts.skip_if( 65 self.dut.build_info["build_id"].startswith("R"), 66 "No SL4A support for EC certs in R builds. Skipping this testcase") 67 config = { 68 Ent.EAP: int(EAP.TLS), 69 Ent.CA_CERT: self.ec2_ca_cert, 70 WifiEnums.SSID_KEY: self.wpa3_ec2_network[WifiEnums.SSID_KEY], 71 Ent.CLIENT_CERT: self.ec2_client_cert, 72 Ent.PRIVATE_KEY_ID: self.ec2_client_key, 73 WifiEnums.SECURITY: WPA3_SECURITY, 74 "identity": self.wpa3_ec2_network["identity"], 75 "domain_suffix_match": self.wpa3_ec2_network["domain"], 76 "cert_algo": self.wpa3_ec2_network["cert_algo"] 77 } 78 wutils.connect_to_wifi_network(self.dut, config) 79 80 @test_tracker_info(uuid="b6d22585-f7c1-418d-bd4b-b627af8c228c") 81 def test_connect_to_wpa3_enterprise_rsa3072(self): 82 config = { 83 Ent.EAP: int(EAP.TLS), 84 Ent.CA_CERT: self.rsa3072_ca_cert, 85 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 86 Ent.CLIENT_CERT: self.rsa3072_client_cert, 87 Ent.PRIVATE_KEY_ID: self.rsa3072_client_key, 88 WifiEnums.SECURITY: WPA3_SECURITY, 89 "identity": self.wpa3_rsa3072_network["identity"], 90 "domain_suffix_match": self.wpa3_rsa3072_network["domain"] 91 } 92 # Synology AP is slow in sending out IP address after the connection. 93 # Increasing the wait time to receive IP address to 60s from 15s. 94 wutils.connect_to_wifi_network(self.dut, config, check_connectivity=False) 95 wutils.validate_connection(self.dut, wait_time=60) 96 97 @test_tracker_info(uuid="4779c662-1925-4c26-a4d6-3d729393796e") 98 def test_connect_to_wpa3_enterprise_insecure_rsa_cert(self): 99 config = { 100 Ent.EAP: int(EAP.TLS), 101 Ent.CA_CERT: self.rsa3072_ca_cert, 102 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 103 Ent.CLIENT_CERT: self.rsa2048_client_cert, 104 Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, 105 WifiEnums.SECURITY: WPA3_SECURITY, 106 "identity": self.wpa3_rsa3072_network["identity"], 107 "domain_suffix_match": self.wpa3_rsa3072_network["domain"] 108 } 109 logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B" 110 try: 111 wutils.connect_to_wifi_network(self.dut, config) 112 asserts.fail("WPA3 Ent worked with insecure RSA key. Expected to fail.") 113 except: 114 logcat_search = self.dut.search_logcat(logcat_msg) 115 self.log.info("Logcat search results: %s" % logcat_search) 116 asserts.assert_true(logcat_search, "No valid error msg in logcat") 117 118 @test_tracker_info(uuid="897957f3-de25-4f9e-b6fc-9d7798ea1e6f") 119 def test_connect_to_wpa3_enterprise_expired_rsa_cert(self): 120 config = { 121 Ent.EAP: int(EAP.TLS), 122 Ent.CA_CERT: self.rsa3072_ca_cert, 123 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 124 Ent.CLIENT_CERT: self.rsa3072_client_cert_expired, 125 Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, 126 WifiEnums.SECURITY: WPA3_SECURITY, 127 "identity": self.wpa3_rsa3072_network["identity"], 128 "domain_suffix_match": self.wpa3_rsa3072_network["domain"] 129 } 130 logcat_msg = "E WifiKeyStore: Invalid certificate type for Suite-B" 131 try: 132 wutils.connect_to_wifi_network(self.dut, config) 133 asserts.fail("WPA3 Ent worked with expired cert. Expected to fail.") 134 except: 135 logcat_search = self.dut.search_logcat(logcat_msg) 136 self.log.info("Logcat search results: %s" % logcat_search) 137 asserts.assert_true(logcat_search, "No valid error msg in logcat") 138 139 @test_tracker_info(uuid="f7ab30e2-f2b5-488a-8667-e45920fc24d1") 140 def test_connect_to_wpa3_enterprise_corrupted_rsa_cert(self): 141 config = { 142 Ent.EAP: int(EAP.TLS), 143 Ent.CA_CERT: self.rsa3072_ca_cert, 144 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 145 Ent.CLIENT_CERT: self.rsa3072_client_cert_corrupted, 146 Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, 147 WifiEnums.SECURITY: WPA3_SECURITY, 148 "identity": self.wpa3_rsa3072_network["identity"], 149 "domain_suffix_match": self.wpa3_rsa3072_network["domain"] 150 } 151 try: 152 wutils.connect_to_wifi_network(self.dut, config) 153 asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.") 154 except: 155 asserts.explicit_pass("Connection failed as expected.") 156 157 @test_tracker_info(uuid="f934f388-dc0b-4c78-a493-026b798c15ca") 158 def test_connect_to_wpa3_enterprise_unsigned_rsa_cert(self): 159 config = { 160 Ent.EAP: int(EAP.TLS), 161 Ent.CA_CERT: self.rsa3072_ca_cert, 162 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 163 Ent.CLIENT_CERT: self.rsa3072_client_cert_unsigned, 164 Ent.PRIVATE_KEY_ID: self.rsa3072_client_key_unsigned, 165 WifiEnums.SECURITY: WPA3_SECURITY, 166 "identity": self.wpa3_rsa3072_network["identity"], 167 "domain_suffix_match": self.wpa3_rsa3072_network["domain"] 168 } 169 try: 170 wutils.connect_to_wifi_network(self.dut, config) 171 asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.") 172 except: 173 asserts.explicit_pass("Connection failed as expected.") 174 175 @test_tracker_info(uuid="7082dc90-5eb8-4055-8b48-b555a98a837a") 176 def test_connect_to_wpa3_enterprise_wrong_domain_rsa_cert(self): 177 config = { 178 Ent.EAP: int(EAP.TLS), 179 Ent.CA_CERT: self.rsa3072_ca_cert, 180 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 181 Ent.CLIENT_CERT: self.rsa3072_client_cert, 182 Ent.PRIVATE_KEY_ID: self.rsa3072_client_key, 183 WifiEnums.SECURITY: WPA3_SECURITY, 184 "identity": self.wpa3_rsa3072_network["identity"], 185 "domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong" 186 } 187 try: 188 wutils.connect_to_wifi_network(self.dut, config) 189 asserts.fail("WPA3 Ent worked with unsigned cert. Expected to fail.") 190 except: 191 asserts.explicit_pass("Connection failed as expected.") 192 193 @test_tracker_info(uuid="9ad5fd82-f115-42c3-b8e8-520144485ea1") 194 def test_network_selection_status_for_wpa3_ent_wrong_domain_rsa_cert(self): 195 config = { 196 Ent.EAP: int(EAP.TLS), 197 Ent.CA_CERT: self.rsa3072_ca_cert, 198 WifiEnums.SSID_KEY: self.wpa3_rsa3072_network[WifiEnums.SSID_KEY], 199 Ent.CLIENT_CERT: self.rsa3072_client_cert, 200 Ent.PRIVATE_KEY_ID: self.rsa2048_client_key, 201 WifiEnums.SECURITY: WPA3_SECURITY, 202 "identity": self.wpa3_rsa3072_network["identity"], 203 "domain_suffix_match": self.wpa3_rsa3072_network["domain"]+"_wrong" 204 } 205 try: 206 wutils.connect_to_wifi_network(self.dut, config) 207 asserts.fail("WPA3 Ent worked with corrupted cert. Expected to fail.") 208 except: 209 asserts.assert_true( 210 self.dut.droid.wifiIsNetworkTemporaryDisabledForNetwork(config), 211 "WiFi network is not temporary disabled.") 212 asserts.explicit_pass( 213 "Connection failed with correct network selection status.") 214